Seculert Boosts Infection Visibility With New Executive Dashboard

The Executive Dashboard uses machine learning to make sense of attack behavior against a given organization.

When it comes to security, every chief information security officer must know precisely where his or her company stands. It's a task that security vendor Seculert is aiming to help with by launching a new Executive Dashboard that provides visibility into the current attack and infection status of an organization.
"We started the business with sinkholing botnets and understanding what the bad guys were stealing, but that wasn't a business we could scale," Richard Greene, CEO of Seculert, told eWEEK.
So Seculert moved down the attack chain into the enterprise and built out a security platform. The platform includes an attack profile database at the back end, where attacks and malware are run on multiple systems around the world to create a log file of everything an attacker is able to do.
Looking beyond just understanding known attacks, the Seculert platform has machine learning capabilities that are able to make sense of attack behavior against a given organization.

"We now have over 1 million users protected by Seculert at Fortune 500 companies, and we're now processing 200 terabytes of logs every week, looking at behaviors," Greene said. "About 40 percent of attacks are unknown that we don't have a previous sample for."

The new Executive Dashboard in the Seculert platform is all about providing metrics that executives can make sense of to understand the attack data that Seculert is able to provide. A key answer that many executives will seek to learn is the return on investment from security-related expenditures. Greene said that figuring out ROI on security is a very difficult, if not impossible task.
"What I do at Seculert is provide metrics that show an executive a trend," he said.
A trend in the Executive Dashboard can show that over a period of time for a given company there are more or less machines that have been attacked and actually infected. As an example, Greene said that one customer's dashboard showed that the company had 180,000 devices, with 161 machines that were taken over by a persistent attacker. Of those machines, only 1MB of data leaked out, though the attackers had attempted to get 43MB of data. Additionally, the dashboard showed that the company was infected for only a maximum of 10 days, which in comparison to other companies is very good.
The dashboard also provides a trend line that shows the rate at which an enterprise's IT assets are getting infected.
"You're always going to have a reinfection problem as long as people click in emails and go to sites they shouldn't go to," Greene said. "So, it's very simple for a security professional to say to the boss, 'We're getting better' or 'We're getting worse.'"
With an understanding of security trends, security professionals will be able to better make a case for any additional investment that is required to help reverse a negative security trend and improve overall security.
"So there are some headline numbers and a graph," Greene said. "Executives read graphs very well."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.